Bug 64947 - dev-tex/latex2rtf: Buffer Overflow Lets Remote Users Execute Arbitrary Code
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://securitytracker.com/id?1011367
Whiteboard: ~2 [ebuild+] vorlon
 
Reported: 2004-09-22 03:35 UTC by Matthias Geerdsen (RETIRED)
Modified: 2011-10-30 22:40 UTC

Attachments
extracted Debian patch (latex2rtf.patch, 1.32 KB, patch)
2004-09-22 03:37 UTC, Matthias Geerdsen (RETIRED)

Description Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-22 03:35:52 UTC
from SecurityTracker Alert ID: 1011367

Date:  Sep 21 2004
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 1.9.15
Description:
A vulnerability was reported in LaTeX2rtf. A remote user can create a specially crafted file that, when processed by LaTeX2rtf, will cause arbitrary code to be executed on the target system.

D. J. Bernstein reported that there is a buffer overflow in expandmacro() when copying user-supplied data. The overflow can be triggered to execute arbitrary code.

It is reported that there are buffer overflows in other parts of the code, including Environments and the TranslateCommand.
Impact:  A remote user can create a document that, when processed by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.

Solution:
No solution was available at the time of this entry.
______________________________

Mail from DJB including an exploit can be found at http://securesoftware.list.cr.yp.to/archive/0/09

Debian Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272612
The full Debian patchset can be found at http://http.us.debian.org/debian/pool/main/l/latex2rtf/latex2rtf_1.9.15-2.diff.gz

latex2rdf is currently ~arch masked
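
Added example, not part of the bug report and not latex2rtf's own code: a bounded macro expansion that shows the length check whose absence produces the kind of overflow the alert describes when user-supplied arguments are copied into a fixed buffer. The function name, signature and sample input are hypothetical; it assumes the usual LaTeX convention that #1..#9 in a macro body stand for the macro's arguments.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not latex2rtf's expandmacro(): expand a LaTeX-style
 * macro body, replacing #1..#9 with args[0..nargs-1], into out[outsz].
 * Returns the expanded length, or -1 if the result (plus NUL) would not fit
 * or a parameter is referenced that was never supplied. out is always
 * NUL-terminated when outsz > 0. */
static long expand_macro_bounded(const char *body, const char *const *args,
                                 int nargs, char *out, size_t outsz)
{
    size_t used = 0;

    if (outsz == 0)
        return -1;
    out[0] = '\0';

    for (const char *p = body; *p != '\0'; p++) {
        const char *piece = p;   /* default: copy one literal byte */
        size_t len = 1;

        if (*p == '#' && p[1] >= '1' && p[1] <= '9') {
            int idx = p[1] - '1';
            if (idx >= nargs)
                return -1;       /* argument was never supplied */
            piece = args[idx];
            len = strlen(piece);
            p++;                 /* skip the digit */
        }
        /* The check an unbounded copy lacks: the document-controlled
         * length is compared with the remaining space before any write. */
        if (len >= outsz - used)
            return -1;
        memcpy(out + used, piece, len);
        used += len;
        out[used] = '\0';
    }
    return (long)used;
}

int main(void)
{
    /* Constructed sample input: a two-parameter macro body and arguments. */
    const char *args[] = { "alpha", "beta" };
    char buf[16];
    long n = expand_macro_bounded("[#1|#2]", args, 2, buf, sizeof buf);
    printf("%ld %s\n", n, buf);
    return n < 0;
}
```

A caller should treat -1 as a hard error for the document being converted rather than continuing with the truncated buffer.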
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-22 03:37:26 UTC
Created attachment 40153
extracted Debian patch

This patch was extracted from the Debian patch set, it should be the relevant
one... please double check.

DJB noted btw, that there are more buffer overflows in latex2rdf.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-22 03:42:04 UTC
s/latex2rdf/latex2rtf/ in comments ;-)

Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-23 04:56:42 UTC
text-markup, can you look into this and apply the patch if appropriate
Comment 4 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-27 09:37:31 UTC
text-markup herd, could you please create a new ebuild to fix this vulnerability

this bug is now about 5 days old
Comment 5 Mamoru KOMACHI (RETIRED) gentoo-dev 2004-09-27 19:52:37 UTC
Sorry for the delay (I was not reading emails this weekend). I'll look into this one.
Comment 6 Mamoru KOMACHI (RETIRED) gentoo-dev 2004-09-27 22:40:24 UTC
I've verified and committed latex2rtf-1.9.15-r2.ebuild (and p.masked 1.9.15-r1).
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2004-09-28 04:38:13 UTC
Thanks usata :)

Closing, since keywords appear to be right already and no GLSA is needed (~arch packet).